# 面向智能体重识别的LLM匿名化：AURA框架

- 来源：HuggingFace Daily Papers（社区热门论文）
- 发布时间：2026-06-01 08:00
- AIHOT 分数：60
- AIHOT 链接：https://aihot.virxact.com/items/cmq17v5wp0db8sltr8l2jzd1w
- 原文链接：https://arxiv.org/abs/2605.30848

## AI 摘要

Agentic LLM结合网络搜索使弱上下文线索可成为跨源重识别证据，现有防御仅移除显式标识符或扰动文本，未充分探索抵抗智能体重识别与保留效用的操作区间。AURA是一种LLM掩码-重构框架，将隐私定位与效用保留重构解耦，并通过对抗性隐私与效用保留检查选择候选。在真实访谈转录上使用网络搜索智能体重识别攻击评估，结合受访者画像、编码本及联合上下文效用网格进行效用评估。结果显示，AURA通过自适应隐私范围提升对智能体重识别的抵抗力，并在固定隐私范围下更好地保留上下文效用。

## 正文

Agentic LLMs with web search change the threat model for text anonymization: weak contextual cues can become cross-referenceable evidence for re-identification, yet those same details also carry downstream analytic value of the text. Existing defenses either remove explicit identifiers, perturb text for formal privacy, or test rewritten text against non-web inference models, leaving underexplored the operating region between resistance to agentic web-search re-identification and utility retention. We introduce AURA (Anonymization with Utility-Retention Adaptation), an LLM-powered mask-reconstruct framework that decouples privacy localization from utility-preserving reconstruction and selects candidates with adversarial privacy and utility-retention checks. We evaluate AURA on real-user interview transcripts using re-identification attacks carried out by web-search agents, along with a utility evaluation based on interviewee-profile facts, codebook facts, and the joint contextual utility grid. Our results show that AURA improves the privacy-utility frontier by using adaptive privacy scope to strengthen resistance to agentic re-identification and using a mask-reconstruct anonymization method to better preserve contextual utility under fixed privacy scope.
